acm-header
Sign In

Communications of the ACM

Home/News/Docker Servers Targeted by Kinsing Malware Campaign/Full Text
ACM TechNews

Docker Servers Targeted by Kinsing Malware Campaign

By ZDNet
April 14, 2020
Comments
View as: Print Mobile App Share:
A hacker.

Researchers say a misconfigured API port has led to a months-long campaign in which cybercriminals have been launching daily Kinsing malware attacks that number in the thousands.

Credit: softpedia.com

Over the past few months, a malware campaign has been scanning the Internet for Docker servers running API ports exposed without a password.

Then, the hackers are breaking into the unprotected hosts and installing a new crypto-mining software called Kinsing, according to researchers at Aqua Security.

After the hackers find a Docker instance with an exposed API port, they use the access to spin up an Ubuntu container, and download and install the Kinsing malware.

In addition to mining cryptocurrency on the hacked Docker instance, the malware runs scripts that remove other malware that may be running locally.

It also gathers local SSH credentials in an effort to spread to a company's container network, in order to infect other cloud systems with the same malware.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account